NameVirtualHost *:80

<VirtualHost *:80>
  ServerName fedorapeople.org
  ServerAlias *.fedorapeople.org
  ServerAlias ols.fedoraproject.org
  ServerAlias people.fedoraproject.org
  ServerAlias people1.fedoraproject.org

  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
  ##
  # Domain: people.fedoraproject.org fedorapeople.org
  # Owner: admin@fedoraproject.org
  #
  ServerName fedorapeople.org
  ServerAlias *.fedorapeople.org
  ServerAlias ols.fedoraproject.org
  ServerAlias people.fedoraproject.org
  ServerAlias people1.fedoraproject.org
  ServerAdmin admin@fedoraproject.org

  DocumentRoot /srv/people/site

  SSLEngine on
  SSLCertificateFile    /etc/pki/tls/certs/wildcard-2017.fedorapeople.org.cert
  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2017.fedorapeople.org.key
  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2017.fedorapeople.org.intermediate.cert
  SSLHonorCipherOrder On
  SSLCipherSuite {{ ssl_ciphers }}
  SSLProtocol {{ ssl_protocols }}

  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
#  ErrorLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-error.log-%Y%m%d 86400 -l"
#  CustomLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-access.log-%Y%m%d 86400 -l" vcommon
  ErrorLog logs/fedorapeople.org-error.log
  CustomLog logs/fedorapeople.org-access.log vcommon

    <Location />
        ExpiresActive On
        ExpiresDefault "access plus 30 minutes"
    </Location>

  <Directory /srv/people/site>
    Options Indexes FollowSymLinks
    Require all granted
  </Directory>

  <Directory /usr/share/cgit>
    Require all granted
  </Directory>

  UserDir public_html
  <Directory "/home/fedora/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    #IndexOptions NameWidth=* FancyIndexing
    Require all granted
    Require method GET POST OPTIONS
  </Directory>

  <Directory "/home/fedora/*/public_git*">
    Require all granted
    Require method GET POST OPTIONS
  </Directory>

  <Directory /project>
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes FollowSymLinks IncludesNoExec
    IndexOptions NameWidth=* FancyIndexing
    Require method GET POST OPTIONS
  </Directory>

 # uncomment me after the people03 move
  Alias /groups /project

  Alias /404Error.html /srv/people/site/404Error.html
  ErrorDocument 404 /404Error.html

  RewriteEngine on
  RewriteMap lowercase int:tolower

  RewriteRule ^/icons/(.*)$ /usr/share/httpd/icons/$1 [L]

  # redirect all favicons (not just DocRoot-level) to fedoraproject.org
  # needs to terminate before other rewrite rules start
  SSLProxyEngine On
  SSLProxyCheckPeerCN on
  SSLProxyCheckPeerExpire on
  RewriteRule /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico [proxy]


  # ols.fedoraproject.org
  RewriteCond ${lowercase:%{SERVER_NAME}} ^ols\.fedoraproject\.org$
  #RewriteRule ^(.*)$ /home/fedora/lockhart/proceedings/$1 [L]
  # Content moved after lockhart's account was inactive 2011-12-15
  RewriteRule ^(.*)$ /srv/web/ols/proceedings/$1 [L]

  # skvidal lives on in his code
  RewriteCond ${lowercase:%{SERVER_NAME}} ^skvidal\.fedorapeople\.org$
  RewriteRule ^(.*)$ /srv/web/skvidal/public_html/$1 [L]
  RewriteCond %{REQUEST_URI} /~skvidal/(.*) [OR]
  RewriteRule ^/~skvidal/(.*)$ /srv/web/skvidal/public_html/$1 [L]

  <Directory /srv/web/skvidal/public_html>
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    HeaderName /_defaults/HEADER.shtml
    ReadmeName /_defaults/FOOTER.shtml

    IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
    IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
    Require all granted
  </Directory>

  #<Directory /home/fedora/lockhart/proceedings>
  #  AllowOverride FileInfo AuthConfig Limit Indexes
  #  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  #</Directory>
  <Directory /srv/web/ols/proceedings>
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require all granted
  </Directory>

  # the openstack folks need to symlink to a pkg to work
  <Directory /srv/repos/openstack>
   Options +FollowSymLinks
    Require all granted
  </Directory>


  # www.fedorapeople.org
  RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.fedorapeople\.org$
  RewriteRule ^/(.*)$ https://fedorapeople.org/$1 [R,L]
  # rdo.fedorapeople.org -> repos.fedorapeople.org/repos/openstack
  # for the rdo announce day - 2013-04-15 - skvidal
  RewriteCond ${lowercase:%{SERVER_NAME}} ^rdo\.fedorapeople\.org$
  RewriteRule ^/(.*)$ https://repos.fedorapeople.org/repos/openstack/$1 [R,L]

  # [username].fedorapeople.org
  # directory absolute header/readme path must be relative to document root
  # so fake it with an alias chained to a rewrite before the URI rewrite
  RewriteRule ^/_defaults/(.*) /_default/$1 [PT]
  Alias /_default/ /srv/people/site/userdefs/

  RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.fedorapeople\.org$
  RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
  RewriteRule ^repos\.fedorapeople\.org/repos/(.*) /project/repos/$1 [L]
  RewriteRule ^repos\.fedorapeople\.org/(.*) /project/repos/$1 [L]
  RewriteRule ^([a-z0-9-]+)\.fedorapeople\.org/(.*) /home/fedora/$1/public_html/$2 [L]

  # Begin http git clone
  #  First, deny write access
  RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
  RewriteCond %{REQUEST_URI} /git-receive-pack$
  RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
  <Location /git>
    <RequireAll>
      Require not env AUTHREQUIRED
      Require all granted
    </RequireAll>
    Options -Indexes +ExecCGI
  </Location>

  #  Next up, determine which user owns this repo
  SetEnvIf Request_URI ^/git/([a-zA-Z0-9]*)/.* GIT_PROJECT_ROOT=/home/fedora/$1/public_git
  Header set X-GitProject "%{GIT_PROJECT_ROOT}e"

  #  Let's serve objects and packs directly from apache, very performant!
  AliasMatch ^/git/([a-zA-Z0-9]*)/([a-zA-Z0-9]*)\.git(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /home/fedora/$1/public_git/$2.git/$3
  AliasMatch ^/git/([a-zA-Z0-9]*)/([a-zA-Z0-9]*)\.git(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /home/fedora/$1/public_git/$2.git/$3

  #  And now for the magic, let's run the git cgi script
  ScriptAliasMatch \
	"(?x)^/git/([a-zA-Z0-9]*)/(.*/(HEAD | \
			info/refs | \
			objects/(info/[^/]+ | \
				 [0-9a-f]{2}/[0-9a-f]{38} | \
				 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
			git-(upload|receive)-pack))$" \
        /usr/libexec/git-core/git-http-backend/$2
  # End http git clone

  <Directory /srv/people/site/userdefs>
    Options IncludesNoExec
  </Directory>

  HeaderName /_defaults/HEADER.shtml
  ReadmeName /_defaults/FOOTER.shtml

  IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
  IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
  ServerSignature Off
  AddOutputFilter INCLUDES .html
  #SetEnvIf Request_URI "(?x)^/git/([^/]*)(.*)$" \
  #  GIT_PROJECT_ROOT=/home/fedora/$1/public_git

  # this takes care of user directories
  #ScriptAliasMatch \
  #  "(?x)^/git/([^/]*)(/.*/(HEAD | \
  #      info/refs | \
  #      objects/(info/[^/]+ | \
  #         [0-9a-f]{2}/[0-9a-f]{38} | \
  #         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
  #      git-(upload|receive)-pack))$" \
  #  /usr/libexec/git-core/git-http-backend/$2
</VirtualHost>

LoadModule deflate_module modules/mod_deflate.so
SetOutputFilter DEFLATE

# need this type
AddType video/webm .webm
AddType text/plain .spec
AddType application/vnd.android.package-archive .apk
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
#
# Everything else that ends in gz is just text/plain
#
<FilesMatch "\.gz$">
   ForceType text/plain
   Header set Content-Encoding: gzip
</FilesMatch>
#
# Match xml.gz to application/x-gzip for repo files
#
<FilesMatch "xml\.gz$">
   ForceType application/x-gzip
   Header unset Content-Encoding
</FilesMatch>

<Location />
    # Insert filter
    SetOutputFilter DEFLATE

    # Netscape 4.x has some problems...
    BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
    # the above regex won't work. You can use the following
    # workaround to get the desired effect:
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

    # Don't compress images or already compressed files.
    SetEnvIfNoCase Request_URI \
    \.(?:gif|jpe?g|png|gz|bz2|tgz|xz|iso|rpm|sqlite|pdf)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
</Location>

<LocationMatch "/repos/.*\.(xml|xml\.gz|xml\.asc|sqlite.+)$">
    Header set Cache-Control "must-revalidate"
    ExpiresActive On
    ExpiresDefault "now"
</LocationMatch>

FileETag MTime Size
